Esempio n. 1
0
    def test_new_user_only_member(self):
        """
        Existing user, valid project, no edit permissions.

        Action should be invalid.
        """

        project = fake_clients.FakeProject(name="test_project")

        user = fake_clients.FakeUser(name="*****@*****.**",
                                     password="******",
                                     email="*****@*****.**")

        setup_identity_cache(projects=[project], users=[user])

        task = Task.objects.create(ip_address="0.0.0.0",
                                   keystone_user={
                                       'roles': ['_member_'],
                                       'project_id': project.id,
                                       'project_domain_id': 'default',
                                   })

        data = {
            'email': '*****@*****.**',
            'project_id': project.id,
            'roles': ['_member_'],
            'inherited_roles': [],
            'domain_id': 'default',
        }

        action = NewUserAction(data, task=task, order=1)

        action.pre_approve()
        self.assertFalse(action.valid)
Esempio n. 2
0
    def test_new_user_no_tenant(self):
        """
        No user, no tenant.
        """

        setup_identity_cache()

        task = Task.objects.create(ip_address="0.0.0.0",
                                   keystone_user={
                                       'roles': ['admin', 'project_mod'],
                                       'project_id': 'test_project_id',
                                       'project_domain_id': 'default',
                                   })

        data = {
            'email': '*****@*****.**',
            'project_id': 'test_project_id',
            'roles': ['_member_'],
            'inherited_roles': [],
            'domain_id': 'default',
        }

        action = NewUserAction(data, task=task, order=1)

        action.pre_approve()
        self.assertEqual(action.valid, False)

        action.post_approve()
        self.assertEqual(action.valid, False)

        token_data = {}
        action.submit(token_data)
        self.assertEqual(action.valid, False)
Esempio n. 3
0
    def test_new_user_existing_role(self):
        """
        Existing user, valid tenant, has role.

        Should complete the action as if no role,
        but actually do nothing.
        """

        project = fake_clients.FakeProject(name="test_project")

        user = fake_clients.FakeUser(name="*****@*****.**",
                                     password="******",
                                     email="*****@*****.**")

        assignment = fake_clients.FakeRoleAssignment(
            scope={'project': {
                'id': project.id
            }},
            role_name="_member_",
            user={'id': user.id})

        setup_identity_cache(projects=[project],
                             users=[user],
                             role_assignments=[assignment])

        task = Task.objects.create(ip_address="0.0.0.0",
                                   keystone_user={
                                       'roles': ['admin', 'project_mod'],
                                       'project_id': project.id,
                                       'project_domain_id': 'default',
                                   })

        data = {
            'email': '*****@*****.**',
            'project_id': project.id,
            'roles': ['_member_'],
            'inherited_roles': [],
            'domain_id': 'default',
        }

        action = NewUserAction(data, task=task, order=1)

        action.pre_approve()
        self.assertEqual(action.valid, True)

        action.post_approve()
        self.assertEqual(action.valid, True)
        self.assertEqual(action.action.state, 'complete')

        token_data = {}
        action.submit(token_data)
        self.assertEqual(action.valid, True)

        fake_client = fake_clients.FakeManager()

        roles = fake_client._get_roles_as_names(user, project)
        self.assertEqual(roles, ['_member_'])
Esempio n. 4
0
    def test_new_user_disabled(self):
        """
        Disabled user, valid existing tenant, no role.
        """
        project = mock.Mock()
        project.id = 'test_project_id'
        project.name = 'test_project'
        project.domain = 'default'
        project.roles = {}

        user = mock.Mock()
        user.id = 'user_id_1'
        user.name = "*****@*****.**"
        user.email = "*****@*****.**"
        user.domain = 'default'
        user.enabled = False

        setup_temp_cache({'test_project': project}, {user.id: user})

        task = Task.objects.create(ip_address="0.0.0.0",
                                   keystone_user={
                                       'roles': ['admin', 'project_mod'],
                                       'project_id': 'test_project_id',
                                       'project_domain_id': 'default',
                                   })

        data = {
            'email': '*****@*****.**',
            'project_id': 'test_project_id',
            'roles': ['_member_'],
            'domain_id': 'default',
        }

        action = NewUserAction(data, task=task, order=1)

        action.pre_approve()
        self.assertEquals(action.valid, True)

        action.post_approve()
        self.assertEquals(action.valid, True)

        token_data = {'password': '******'}
        action.submit(token_data)
        self.assertEquals(action.valid, True)
        self.assertEquals(len(tests.temp_cache['users']), 2)
        # The new user id in this case will be "user_id_1"
        self.assertEquals(tests.temp_cache['users']["user_id_1"].email,
                          '*****@*****.**')
        self.assertEquals(tests.temp_cache['users']["user_id_1"].password,
                          '123456')
        self.assertEquals(tests.temp_cache['users']["user_id_1"].enabled, True)

        self.assertEquals(project.roles["user_id_1"], ['_member_'])
Esempio n. 5
0
    def test_new_user_disabled(self):
        """
        Disabled user, valid existing tenant, no role.
        """

        project = fake_clients.FakeProject(name="test_project")

        user = fake_clients.FakeUser(name="*****@*****.**",
                                     password="******",
                                     email="*****@*****.**",
                                     enabled=False)

        setup_identity_cache(projects=[project], users=[user])

        task = Task.objects.create(ip_address="0.0.0.0",
                                   keystone_user={
                                       'roles': ['admin', 'project_mod'],
                                       'project_id': project.id,
                                       'project_domain_id': 'default',
                                   })

        data = {
            'email': '*****@*****.**',
            'project_id': project.id,
            'roles': ['_member_'],
            'inherited_roles': [],
            'domain_id': 'default',
        }

        action = NewUserAction(data, task=task, order=1)

        action.pre_approve()
        self.assertEqual(action.valid, True)

        action.post_approve()
        self.assertEqual(action.valid, True)

        token_data = {'password': '******'}
        action.submit(token_data)
        self.assertEqual(action.valid, True)
        self.assertEqual(len(fake_clients.identity_cache['users']), 2)

        fake_client = fake_clients.FakeManager()

        user = fake_client.find_user(name="*****@*****.**", domain="default")

        self.assertEqual(user.email, '*****@*****.**')
        self.assertEqual(user.password, '123456')
        self.assertTrue(user.enabled)

        roles = fake_client._get_roles_as_names(user, project)
        self.assertEqual(roles, ['_member_'])
Esempio n. 6
0
    def test_create_user_email_not_username(self):
        """
        Test the default case, all valid.
        No existing user, valid tenant.
        Different username from email address
        """
        project = mock.Mock()
        project.id = 'test_project_id'
        project.name = 'test_project'
        project.domain = 'default'
        project.roles = {}

        setup_temp_cache({'test_project': project}, {})

        task = Task.objects.create(ip_address="0.0.0.0",
                                   keystone_user={
                                       'roles': ['admin', 'project_mod'],
                                       'project_id': 'test_project_id',
                                       'project_domain_id': 'default',
                                   })

        data = {
            'username': '******',
            'email': '*****@*****.**',
            'project_id': 'test_project_id',
            'roles': ['_member_'],
            'domain_id': 'default',
        }

        action = NewUserAction(data, task=task, order=1)

        action.pre_approve()
        self.assertEquals(action.valid, True)

        action.post_approve()
        self.assertEquals(action.valid, True)

        token_data = {'password': '******'}
        action.submit(token_data)
        self.assertEquals(action.valid, True)
        self.assertEquals(len(tests.temp_cache['users']), 2)
        # The new user id in this case will be "user_id_1"
        self.assertEquals(tests.temp_cache['users']["user_id_1"].email,
                          '*****@*****.**')
        self.assertEquals(tests.temp_cache['users']["user_id_1"].name,
                          'test_user')
        self.assertEquals(tests.temp_cache['users']["user_id_1"].password,
                          '123456')

        self.assertEquals(project.roles["user_id_1"], ['_member_'])
Esempio n. 7
0
    def test_new_user_existing_role(self):
        """
        Existing user, valid tenant, has role.

        Should complete the action as if no role,
        but actually do nothing.
        """

        user = mock.Mock()
        user.id = 'user_id'
        user.name = "*****@*****.**"
        user.email = "*****@*****.**"
        user.domain = 'default'

        project = mock.Mock()
        project.id = 'test_project_id'
        project.name = 'test_project'
        project.domain = 'default'
        project.roles = {user.id: ['_member_']}

        setup_temp_cache({'test_project': project}, {user.id: user})

        task = Task.objects.create(ip_address="0.0.0.0",
                                   keystone_user={
                                       'roles': ['admin', 'project_mod'],
                                       'project_id': 'test_project_id',
                                       'project_domain_id': 'default',
                                   })

        data = {
            'email': '*****@*****.**',
            'project_id': 'test_project_id',
            'roles': ['_member_'],
            'domain_id': 'default',
        }

        action = NewUserAction(data, task=task, order=1)

        action.pre_approve()
        self.assertEquals(action.valid, True)

        action.post_approve()
        self.assertEquals(action.valid, True)
        self.assertEquals(action.action.state, 'complete')

        token_data = {}
        action.submit(token_data)
        self.assertEquals(action.valid, True)

        self.assertEquals(project.roles[user.id], ['_member_'])
Esempio n. 8
0
    def test_create_user_email_not_username(self):
        """
        Test the default case, all valid.
        No existing user, valid tenant.
        Different username from email address
        """
        project = fake_clients.FakeProject(name="test_project")

        setup_identity_cache(projects=[project])

        task = Task.objects.create(ip_address="0.0.0.0",
                                   keystone_user={
                                       'roles': ['admin', 'project_mod'],
                                       'project_id': project.id,
                                       'project_domain_id': 'default',
                                   })

        data = {
            'username': '******',
            'email': '*****@*****.**',
            'project_id': project.id,
            'roles': ['_member_'],
            'inherited_roles': [],
            'domain_id': 'default',
        }

        action = NewUserAction(data, task=task, order=1)

        action.pre_approve()
        self.assertEqual(action.valid, True)

        action.post_approve()
        self.assertEqual(action.valid, True)

        token_data = {'password': '******'}
        action.submit(token_data)
        self.assertEqual(action.valid, True)
        self.assertEqual(len(fake_clients.identity_cache['users']), 2)

        fake_client = fake_clients.FakeManager()

        user = fake_client.find_user(name="test_user", domain="default")

        self.assertEqual(user.email, '*****@*****.**')
        self.assertEqual(user.password, '123456')
        self.assertTrue(user.enabled)

        roles = fake_client._get_roles_as_names(user, project)
        self.assertEqual(roles, ['_member_'])
Esempio n. 9
0
    def test_new_user_wrong_domain(self):
        """
        Existing user, valid project, invalid domain.

        Action should be invalid.
        """

        project = fake_clients.FakeProject(name="test_project")

        user = fake_clients.FakeUser(name="*****@*****.**",
                                     password="******",
                                     email="*****@*****.**")

        assignment = fake_clients.FakeRoleAssignment(
            scope={'project': {
                'id': project.id
            }},
            role_name="_member_",
            user={'id': user.id})

        setup_identity_cache(projects=[project],
                             users=[user],
                             role_assignments=[assignment])

        task = Task.objects.create(ip_address="0.0.0.0",
                                   keystone_user={
                                       'roles': ['project_admin'],
                                       'project_id': project.id,
                                       'project_domain_id': 'default',
                                   })

        data = {
            'email': '*****@*****.**',
            'project_id': project.id,
            'roles': ['_member_'],
            'inherited_roles': [],
            'domain_id': 'not_default',
        }

        action = NewUserAction(data, task=task, order=1)

        action.pre_approve()
        self.assertFalse(action.valid)
Esempio n. 10
0
    def test_new_user_wrong_domain(self):
        """
        Existing user, valid project, invalid domain.

        Action should be invalid.
        """

        user = mock.Mock()
        user.id = 'user_id'
        user.name = "*****@*****.**"
        user.email = "*****@*****.**"
        user.domain = 'default'

        project = mock.Mock()
        project.id = 'test_project_id'
        project.name = 'test_project'
        project.domain = 'default'
        project.roles = {user.id: ['_member_']}

        setup_temp_cache({'test_project': project}, {user.id: user})

        task = Task.objects.create(ip_address="0.0.0.0",
                                   keystone_user={
                                       'roles': ['_member_'],
                                       'project_id': 'test_project_id',
                                       'project_domain_id': 'default',
                                   })

        data = {
            'email': '*****@*****.**',
            'project_id': 'test_project_id',
            'roles': ['_member_'],
            'domain_id': 'not_default',
        }

        action = NewUserAction(data, task=task, order=1)

        action.pre_approve()
        self.assertFalse(action.valid)